Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/STi4I8sG96eo3VPJ65NFCI64EAE.roa
File:                     STi4I8sG96eo3VPJ65NFCI64EAE.roa (raw, json)
Hash identifier:          /qNhRrl9OQMqxbMusKPE+tUs21JHJCDgrFTNmZwrYmA=
Subject key identifier:   49:38:B8:23:CB:06:F7:A7:A8:DD:53:C9:EB:93:45:08:8E:B8:10:01
Certificate issuer:       /CN=3ffc6cdfe196d5b39d2ea60e90c95db70445d9b9
Certificate serial:       019A27BFF5A3B9531A6664BCF5025E5086E3
Authority key identifier: 3F:FC:6C:DF:E1:96:D5:B3:9D:2E:A6:0E:90:C9:5D:B7:04:45:D9:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P_xs3-GW1bOdLqYOkMldtwRF2bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/STi4I8sG96eo3VPJ65NFCI64EAE.roa
Signing time:             Mon 27 Oct 2025 22:18:02 +0000
ROA not before:           Mon 27 Oct 2025 22:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        195.20.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/P_xs3-GW1bOdLqYOkMldtwRF2bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/P_xs3-GW1bOdLqYOkMldtwRF2bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P_xs3-GW1bOdLqYOkMldtwRF2bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:27:bf:f5:a3:b9:53:1a:66:64:bc:f5:02:5e:50:86:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ffc6cdfe196d5b39d2ea60e90c95db70445d9b9
        Validity
            Not Before: Oct 27 22:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4938b823cb06f7a7a8dd53c9eb9345088eb81001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c1:78:c9:d3:49:4c:64:b6:6f:c8:24:f4:9f:
                    26:20:0b:1e:14:7a:5a:51:32:87:32:a3:44:20:a7:
                    27:6d:a2:0e:08:9e:18:18:5f:9f:bf:e6:2c:53:37:
                    d8:30:9c:c5:37:f8:4a:07:23:5b:9b:53:b3:ad:fb:
                    c9:0f:72:fe:96:02:0d:81:6f:93:db:69:75:1d:68:
                    23:a7:88:a6:df:53:f6:15:8a:96:73:bb:a6:2d:b9:
                    a5:56:f4:78:68:c3:15:52:74:0d:15:76:54:e8:9b:
                    9e:e2:32:4b:f0:df:56:33:3e:66:48:ad:b9:20:63:
                    ad:be:93:6b:5a:2b:84:64:70:50:78:c8:e8:c4:70:
                    8a:d1:da:9d:0a:9c:84:b6:31:33:5b:90:b0:e7:c8:
                    02:15:89:59:e1:26:56:ec:4f:b7:d6:b4:30:dc:31:
                    ed:b1:ca:e6:3c:1a:76:95:82:1e:4a:ef:7d:99:86:
                    16:88:97:64:55:79:57:05:48:3b:a7:46:77:b5:e0:
                    c2:30:86:7c:da:16:ab:7c:40:df:16:8a:7b:d0:64:
                    0a:ae:29:d4:c8:ea:af:fa:8d:2d:ef:e7:5e:fa:03:
                    d4:5f:00:19:2d:0c:7f:aa:8f:9d:31:84:c4:3f:b9:
                    71:cf:77:39:ba:d2:f9:16:00:30:46:05:99:68:27:
                    27:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:38:B8:23:CB:06:F7:A7:A8:DD:53:C9:EB:93:45:08:8E:B8:10:01
            X509v3 Authority Key Identifier:
                keyid:3F:FC:6C:DF:E1:96:D5:B3:9D:2E:A6:0E:90:C9:5D:B7:04:45:D9:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P_xs3-GW1bOdLqYOkMldtwRF2bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/STi4I8sG96eo3VPJ65NFCI64EAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4abf81-5417-43ac-b59c-155b39e076c2/1/P_xs3-GW1bOdLqYOkMldtwRF2bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f2:99:79:ac:22:e4:c7:bc:85:1f:d2:54:ea:65:4e:7b:e8:
         65:29:0c:2e:45:6f:c4:a6:ad:ff:cd:e2:2c:84:e2:91:8c:e6:
         52:7d:27:de:4c:67:5d:ab:69:dc:ee:2d:4d:90:c1:be:ac:f1:
         7c:0a:29:87:bc:b5:95:ae:42:d9:14:35:7d:95:b5:62:09:ee:
         d7:06:fc:f3:7c:13:8d:f0:3e:e4:82:f7:ed:ba:40:1c:e2:0e:
         7b:c3:7b:08:ef:c5:8c:f6:fe:50:48:37:8c:f7:de:06:c4:0a:
         82:d4:b0:f1:48:a2:8b:f7:3e:b1:a0:ef:9b:48:5e:4e:a3:50:
         2f:0f:f5:54:d4:f2:c0:6d:17:bb:81:f8:76:f0:78:b5:9e:74:
         d6:1a:9d:d6:9a:f2:d7:63:51:c6:07:9b:63:de:38:75:27:8d:
         e6:fa:de:22:b5:a7:5d:98:b9:f5:6f:64:04:ce:c8:75:3d:41:
         1f:9f:57:c1:b1:4e:dc:dd:c5:95:0d:07:06:4e:3c:74:04:33:
         b5:28:19:1f:fe:71:4a:b6:ee:d3:55:c4:47:fe:86:77:5e:10:
         8c:9f:15:4b:89:9f:3c:14:df:dc:ab:94:56:e6:b8:3f:6c:5a:
         06:6a:3b:f9:e4:d3:2c:88:75:02:09:d8:50:f6:a2:4a:12:b4:
         1d:51:be:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZonv/WjuVMaZmS89QJeUIbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZmM2Y2RmZTE5NmQ1YjM5ZDJlYTYwZTkwYzk1ZGI3MDQ0
NWQ5YjkwHhcNMjUxMDI3MjIxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM4YjgyM2NiMDZmN2E3YThkZDUzYzllYjkzNDUwODhlYjgxMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsF4ydNJTGS2b8gk9J8mIAseFHpa
UTKHMqNEIKcnbaIOCJ4YGF+fv+YsUzfYMJzFN/hKByNbm1OzrfvJD3L+lgINgW+T
22l1HWgjp4im31P2FYqWc7umLbmlVvR4aMMVUnQNFXZU6Jue4jJL8N9WMz5mSK25
IGOtvpNrWiuEZHBQeMjoxHCK0dqdCpyEtjEzW5Cw58gCFYlZ4SZW7E+31rQw3DHt
scrmPBp2lYIeSu99mYYWiJdkVXlXBUg7p0Z3teDCMIZ82harfEDfFop70GQKrinU
yOqv+o0t7+de+gPUXwAZLQx/qo+dMYTEP7lxz3c5utL5FgAwRgWZaCcnMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk4uCPLBvenqN1TyeuTRQiOuBABMB8GA1UdIwQY
MBaAFD/8bN/hltWznS6mDpDJXbcERdm5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUF94czMtR1cxYk9kTHFZT2tNbGR0d1JGMmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80YWJmODEtNTQxNy00M2FjLWI1OWMt
MTU1YjM5ZTA3NmMyLzEvU1RpNEk4c0c5NmVvM1ZQSjY1TkZDSTY0RUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80YWJmODEtNTQxNy00M2FjLWI1OWMtMTU1YjM5ZTA3NmMy
LzEvUF94czMtR1cxYk9kTHFZT2tNbGR0d1JGMmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxSSMA0G
CSqGSIb3DQEBCwUAA4IBAQBY8pl5rCLkx7yFH9JU6mVOe+hlKQwuRW/Epq3/zeIs
hOKRjOZSfSfeTGddq2nc7i1NkMG+rPF8CimHvLWVrkLZFDV9lbViCe7XBvzzfBON
8D7kgvftukAc4g57w3sI78WM9v5QSDeM994GxAqC1LDxSKKL9z6xoO+bSF5Oo1Av
D/VU1PLAbRe7gfh28Hi1nnTWGp3WmvLXY1HGB5tj3jh1J43m+t4itaddmLn1b2QE
zsh1PUEfn1fBsU7c3cWVDQcGTjx0BDO1KBkf/nFKtu7TVcRH/oZ3XhCMnxVLiZ88
FN/cq5RW5rg/bFoGajv55NMsiHUCCdhQ9qJKErQdUb4B
-----END CERTIFICATE-----